Month: June 2017

This article is a cautionary tale about the dangers of an arms race. In this case, the arms were cyber weapons meant to combat terrorism, but were somehow stolen from the N.S.A. and sold on the black market. They were, in turn, used by terrorist forces against US allies, like Britain and the Ukraine. While the N.S.A. has remained quiet about all of this, the question being raised is, “Did the N.S.A. race to develop weapons without taking the proper steps to a) keep them secure and b) be able to shut them down should they fall into the wrong hands?” The answer to both seems to be no.

This article highlights the latest and most popular form of cyber attack today, ransomware attacks. What they do is encrypt all the files on your computer, and direct you to a website where you can pay some sum of money to get the decryption key. They attack using vulnerabilities in the Windows OS, utilizing stolen N.S.A. cyber weapons. The latest attack started in the Ukraine, and quickly spread to 64 different countries, including the US. It wasn’t long before the email address associated with the hackers was shut down, so even if you paid the ransom, there was no way for them to send you the decryption key.

Reflection:

Based on all the research I’ve done for this assignment, I knew it was bad out there, but not like this. It would seem that, in our rush to either establish or maintain “arms superiority” we’ve developed weapons of digital mass destruction that are no longer under our control, and are being auctioned off to the highest bidder (usually terrorists) to do with as they please. I mentioned in my last post that we needed to shift from a political realist approach to a political liberalist approach, and this highlights that need. We’ve got to get experts on this, not just for cyber offense, but cyber defense, to ensure that whatever we develop doesn’t end up in the wrong hands. In the old days, barbed wire, a high wall, and some steel doors were all you needed to keep your secrets safe, but in the digital world, security seems lackadaisical at best, and that’s just plain unacceptable. This is the future of our conflict, to quote the first article, “every flash point has a cyber element”, so we can’t afford to let our guard down now. Unconventional enemies require unconventional means, we learned that in Afghanistan, and right now, we’re playing catch up with Iran, who is openly funding cyber terrorist organizations to keep their enemies off balance. Imagine what they could do, or have already done, with the N.S.A. cyber weapons. Actually, I’d rather not think about that.

This article makes an interesting point in that the War on Terror isn’t over, but that it has shifted to a new battle field, cyber space. They go on to say that action must be taken to defend ourselves on this new front. Just like we recruited top soldiers and personnel for previous conflicts, we have to do the same here if we’re going to stay competitive, and come out on top.

This article discusses some of the history of cyber defense, leading up to the new face of the War on Terror. From there, they suggest a way forward for organizations like the Department of Homeland Security (DHS), the FBI, and police at the state and local level, highlighting the fact that communication and awareness are oftentimes the deciding factor in defeating a cyber attack.

Reflection:

My experience with the War on Terror was as a soldier in Afghanistan. With the troop withdrawal, I was left wondering where the fight would take place next. The answer is that, in addition to continuing attacks in the real world, the battlefield has shifted to include cyberspace. With this shift has come a shift in policies as well, to help combat it. Congress has implemented the Cybersecurity Information Sharing Act of 2015, the National Cybersecurity Protection Advancement Act and the Protecting Cyber Networks Act. These are just a few bills that were sanctioned in support of cyber security. Furthermore, Congress launched an incentive for private-sector companies to increase participation in the war on cyber terrorism. This is a classic political realist approach, only taking action when the threat presents itself, and then bringing as much might to bear as possible. Unfortunately, they’re going to have to call in some experts, because this is a specialized battlefield, and not something just anyone can defend against, which means they might have to liberalize their thinking a bit (in terms of globalization perspectives) if they want to continue to safeguard our national interests.

This article discusses how Egyptian journalists are handicapped when it comes to news reporting. It talks about the laws in place that prevent journalists from reporting anything other than the party line, and most importantly, it gives an example of how a cyber activist leaked a video that shattered the narrative the Egyptian government was trying to establish.

This enormous article discusses the problems faced by the media in reporting on terrorism. It highlights all the faults of the media and their current style of reporting, and outlines a “best practices” approach for “good” journalism, a way to get the information out without empowering terrorists, inciting fear, or spreading false information.

Side Note: The media is, in fact, a form of cyber activism, but it shouldn’t be. Anyone who is promoting an idea, pushing an agenda, protesting a policy or promoting a candidate online is a cyber activist. The news should be an unbiased source of information, but it’s not. Entertainment news isn’t news about entertainment, it’s news for entertainment. They have ratings to worry about as well, after all.

Reflection:

We are all aware of media bias. You only have to look at Fox News and CNN to see it in action. However, such bias doesn’t seem to exist in countries where Freedom of Speech isn’t a thing. Take Egypt, for example. Their cyber activists risk their freedom, and possibly their lives, in order to expose the truth about what is happening in their War on Terror, and to bring the atrocities committed to light. In the US, we have so many different news outlets, we can pick and choose what version of the truth we want to see. That’s not a good thing. The second article has an example of cyber activism at its worst, when they’re discussing a school bombing, and how Reddit named a missing student as the bomber, and this was retweeted by a number of reporters and news outlets, in order to “get the word out” for “public safety” and to “bring him to justice”. This information wasn’t verified, and a lot of time was wasted looking for this student, time that could have been spent looking for the actual bombers. In my previous blog entry, I commented on how the government benefits from the media keeping the public in a state of fear concerning terrorism. And so, I’m left with the question, if the actions of our media constitute cyber activism (see my Side Note above), at what point do their actions cross the line and become domestic cyber terrorism?

This article does a good job of outlining the war on terror, noting progress made and the speed bumps along the way. Interestingly enough, this article also points out major factors that have contributed to public perception on the war on terror, and how that perception differs from the reality of the situation.

This article takes a similar stance to the previous article, outlining the war on terror, how it started, and where it is now. Additionally, however, this article shows how the US response to 9/11 actually created the ideal conditions for terrorist groups to exist and expand, having the opposite effect than what we were aiming for.

Reflection:

My knowledge of the Global War on Terror was limited to what I had personally seen, first as a child when the towers fell, and second as a soldier operating in Afghanistan. These articles have broadened my viewpoint to include the forest, not just the trees. I didn’t know that ISIS only exists because the US destabilized Iraq and the Syrian civil war destabilized that region, which gave them the opportunity to expand. And while terrorist operational capabilities remain limited, they make use of cyber activism to recruit insurgents and inspire lone wolf terrorist attacks all over the world. Something else I was unaware of was how “at risk” the typical American thinks we are. I know that terrorists have limited means to strike at the US, but the average American only has the media to depend on for such information, and the media paints a fairly dark and scary picture, that the public has eaten up. I had no idea that 50% of Americans think we could be the victim of another “9/11” style terrorist attack. But, that’s the point, though, isn’t it? As long as Americans think terrorists are a real threat, they can be used as political leverage to get any number of bills or proposals passed, as long as they “improve American security”, capitalizing on a politically realist perspective that has been cultivated by the media. The big take away though, is that even though we’re 16 years into this Global War on Terror, and even though we have our opponents cornered, we’ve still got a lot of work to do if we intend to see this through to the end.

This publication aims to define what cyber terrorism actually is, giving the definition governments use. They go on to say how the role of the Internet has evolved in relation to terrorist groups. While it used to be used as a planning, coordinating and recruitment tool (and still is), now terrorist groups can use it to strike at targets, unseen from the virtual world. In this case, it’s considered cyber terrorism because known terrorist organizations are conducting the attacks, and so, it’s a matter of motivation that leads to this classification.

This article describes what it calls “cyber activism attacks”. They describe it as “digital disobedience. Hacking for a cause”. The targets are often local and state governments, police stations, banks, you know, establishments of “The Man”. And this is universal, regardless of the country targeted. Some view these hacktivists as harmless, and their activities as another form of protest, while others say their activities are highly disruptive, and a cyber form of criminal trespassing. One of the most well-known hacktivist groups is Anonymous, who describes themselves as a “relatively small vigilante cyber group” that has “expanded and transformed into a continuation of the Civil-Rights movement.” Again, it’s a matter of motivation.

Related specifically to my area of interest, I found an article from a little over a month ago, talking about an Iranian cyber attack on Israel, launched by a government-funded group called OILRIG. It was foiled when cyber activists from the hacker group ShadowBroker exposed the attack. This attack would have happened during the annual cyber attack on Israel by Anonymous, known as #OpIsrael. Interestingly enough, the hacktivists who indicated that they were interested in taking part in the Op were themselves hacked by cyber terrorists.

Reflection:

Before reading these articles, I had a pretty good idea of the difference between cyber terrorism and cyber activism. These articles only served to confirm and broaden my understanding of it. It’s all a matter of perspective, and motivation. Hacktivists and cyber terrorists often do the exact same things on the Internet, conduct the exact same types of attacks for the exact same results. It’s the “why” that is important. Cyber terrorists may be advancing their own political agenda (or that of the government funding them) while cyber activists are fighting for their rights, or the rights of others, taking on what they see as an oppressive regime/government. In this sense, cyber activists would be radicals, through and through, protesting and resisting, and helping others to protest and resist. And while some cyber terrorist groups might be radicals right now, their motivations, or the motivations of those funding them, could be seen as political realism. That’s another important note, I haven’t found any instance of hacktivists being funded by the government, while cyber terrorists seem to be government or state sponsored agencies.

This report details the activities of the Rocket Kittens, showing how they’ve been tracked back to Iran, and how their leader was identified. Despite all this, the group is still active, and along with Tarh-Andishan (The Thinkers), has continued to receive governmental support.

This article pointed out that not only are the two groups I’ve mentioned active, there are several other government funded cyber groups making attacks on behalf of Iran. This article details how the attacks are taking place, linking them to several scams and malware attacks against the US and other countries.

Reflection:

I knew that the Rocket Kittens and The Thinkers were probably still active, but I didn’t know to what extent. Nor was I aware that, after the success of their initial two groups, the Iranian government has apparently diversified their cyber activities, creating even more cyber warfare groups. I was also unaware of the particulars of *how* they were carrying out these attacks, and the two articles were quite informative in that regard. I knew what Denial-of-Service attacks were, and what phishing was, but I had no idea that they were actually using legitimate means (through authentic VPNs) to infect people’s computers, and even remotely wipe government hard drives. If I had to categorize these groups, I would say, right now, they’re radicals. Their goal appears to be to inflict as much damage as possible and tear down opposing governments. However, while the groups themselves might be radicals, I would argue that the Iranian government funding them would be political realists, working to establish a more secure nation for themselves via cyber warfare, since they were “forced” to give up their nuclear arms.

While this article discusses many things, the part that interests us is the activities of cyber activists (hacktivists) in Egypt. After the Internet was shut down in Egypt during the Arab Spring, hacktivists accessed the servers to restore Internet access, enabling protesters to plan and communicate again. They did the same in Tunisia. The key take away is, there’s a fine line between cyber-activism and cyber-terrorism, often depending on who the target is, and why.

This online journal article discusses how the Internet played a key role in leading to the Arab Spring. They discuss how, thanks to the anonymity of the Internet, the population was able to freely express their viewpoints without fear of censorship and reprisal, and circumvent systems put in place that would have normally silenced their legitimate voice. They also discuss, in depth, how this cyber-activism spread awareness through Egypt, Tunisia and Libya, through the use of political blogs.

Reflection:

Being an American, I take for granted the amount of information I have available. If I want to know anything about an official or politician, or even someone like a professor, the information is readily available online. This isn’t the case elsewhere, and it certainly wasn’t the case in Egypt or Tunisia. However, thanks to the efforts of their “netizens”, awareness of public issues, and public problems, was able to spread faster than ever before. I never really gave much thought as to how information is disseminated, but without cyber-activists in Egypt and Tunisia, the WikiLeaks articles, which helped trigger the Arab Spring, may never have reached such a wide audience as quickly as they did. I also take my individuality and voice for granted, because it’s something I’ve always had, and in that regard, the second article pointed out something interesting. The Internet, and the activist blogs established by Egyptians and Tunisians, gave everyone a voice, whether you were a man, a woman, rich, or poor, you could speak with your own voice, and be heard. And this, too, helped to pave the way towards revolution.

Of the cyber space super powers, Iran is the first to attempt to do actual damage with their hacking, instead of just recon. There are two main cyber groups operating out of Iran, the Rocket Kittens and The Thinkers. It is speculated that Iran has gravitated towards cyber attacks because it allows them to “strike back” against sanctions and traditional military action.

In the beginning, Iran obtained surveillance equipment from China. This equipment allowed them to establish their own Supreme Council on Cyberspace in 2012. In 2012, they launched several attacks against American targets, including banks, a small dam, and over 40 Denial-of-Service attacks against the financial and banking sector. The attacks are continuing to this day.

Reflection:

Traditionally, cyber warfare has been for espionage or reconnaissance purposes, to gain intelligence, steal technology, or plant surveillance measures. Iran is the first country to conduct cyber warfare operations for the express purpose of causing as much damage to systems and infrastructure as possible. As such, the other cyber super powers (the United States included) need to step up their game in terms of defense and counter-operations. Security firms already exist that set up dummy networks to deceive and observe hackers, which is how we learned just how effective, and aggressive, Iran is. They [Iran] have been hailed as “the new China” when it comes to cyber warfare. Why focus on the cyber front, though? Because that’s the only way Iran can really fight back against the military might and the sanctions leveled against them. However, as these sanctions are being lifted, they’ll have to consider just what direction to take their cyber operations. Before reading these articles, I knew that Iran was active in cyberspace, but I had no idea to what degree. I was familiar with what you would call “traditional” cyber warfare, but it sounds like Iran is changing the face of cyber warfare, and forcing the other super powers to adapt at their pace. In my mind, this gives them an advantage that they appear to be capitalizing on. However, as previously stated, as sanctions run their course, they’ll have to choose their actions carefully, lest the international community renew those sanctions in response to their cyber attacks.